My DMZ: Small but functional

15 Sep

Although I am working with Cloud technology professionally, personally I like to keep my services local. I really like being able to see the servers and disks that are processing and holding my data and I really enjoy setting up the hardware and configuring the operating system and the services running on top.

Hosting services at home isn’t always that easy, though. One thing that usually simplifies things is to have a static IP. Another thing, at least if you want to secure your web servers with SSL certificates, is being able to have multiple IP addresses. Unfortunately I am currently stuck with a provider that offers neither to private customers so I have to make do with just one dynamic IP. Well, necessity is the mother of invention, so read on for the full story of my DMZ setup.

Continue reading

The Tower of Pi

22 Aug

 

IMG_20160828_124457

So this is my new DMZ setup – a more technical write-up will follow. I’m really happy that the disks fits so nicely on the “shelves”. The “tower” comes from ModMyPi.

Backup strategies, part 1

10 Apr

Backing up is easy, right?

There’s nothing more important than to make sure that your valuable data is backed up in the right way so that, when disaster strikes, you’re covered and get back to where you left off as soon as possible.

While that may sound simple, it really isn’t. There’s a wealth of different backup solutions out there, but in order to succeed with any of them you must have done some planning first which usually boils down to the following steps: Continue reading

Setting up Yubikey+GnuPG on Debian/Jessie

6 Apr

The following steps were successful for me when setting up the Yubikey GnuPG (and ssh authentication through GnuPG) on Debian Jessie running the MATE window manager.

Start by installing the necessary packages

$ sudo apt-get install gnupg-agent scdaemon pcscd pcsc-tools dconf-editor

Change the GnuPG config files to use the gpg-agent with ssh support

$ echo “use-agent” >> .gnupg/gpg.conf
$ echo enable-ssh-support >> ~/.gnupg/gpg-agent.conf

  • As the ordinary user, start the dconfig-editor
  • Press ctrl-f and search for gnome-compat-startup (in org/mate/desktop/session/gnome-compat-startup)
  • Change the value to ‘smproxy’ (remove ‘keyring’)

Add an udev rule to make sure that the user can access the Yubikey

I didn’t get the udev rule enabling access for the console user (below) to work reliably – the device failed to keep its settings after the screensaver kicked it so we’ll skip that for no (needs more investigation).

# cat > /etc/udev/rules.d/99-yubikeys.rules
SUBSYSTEMS==”usb”, ATTRS{idVendor}==”1050″, ATTRS{idProduct}==”0407″, TAG+=”uaccess”

Instead I’m relying on the plugdev group method which seems to work fine (just make sure that you are a member of plugdev, which can be cheked with id::

# cat > /etc/udev/rules.d/99-yubikeys.rules
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", GROUP="plugdev"

Logout and and login again. gpg2 –card-status  should now work fine!

Resources used for this post:

https://wiki.debian.org/Smartcards/YubiKey4
https://wiki.debian.org/Smartcards/OpenPGP